Volume Number: 23 (2007)
Issue Number: 12
Column Tag: Systems Administration

Leopard's New Toolbox

What's new for the system administrator

by By Philip Rinehart, Yale University

Every system administrator has a number of tools in their toolbox. Third parties provide some tools, some are home grown, and others are based on tool provided by the operating system or developer tools. While much has been made of the new gee-whiz features of Leopard, the system administrator has not been neglected! Let's start with one of my favorites, dtrace.

In Leopard, a decision was made to include a tool developed by Sun Microsystems, dtrace. What is the tool? The description from Sun best says it, "DTrace is a comprehensive dynamic tracing framework for the Solaris Operating Environment. DTrace provides a powerful infrastructure to permit administrators, developers, and service personnel to concisely answer arbitrary questions about the behavior of the operating system and user programs." In Leopard, it has been tightly integrated with the kernel, and can track many different operations, including file systems operations, memory operations, as well as many others. They are all tracked with the use of "probes". What does this mean for the system administrator?

Dtrace allows any system administrator to track a problem of any piece software without having debugging code present. It is dynamic! There is one drawback though, one has to learn the D language, which is very similar to C. Ick, another programming language to learn. Well, not quite, fortunately a tool for using dtrace was included in Leopard, dtruss. Originally part of the dtrace toolkit written by Brendan Gregg, it has been ported over to OS X. Here's a really simple example:

dtruss ls

What does this command do? It prints a ton of information from the kernel, including file system operations, memory operations, as well as any other call that passes through the kernel. The format of the output is pretty dense however, so can an option help? You bet, add the -s for a stack backtrace. This prints information on the stack in a much more readable format, including information directly related to the call being made. A couple of other very useful options are:

-p to attach to a pid

-n to attach to the name of a process

-f to follow children of a launched process

In general, this tool could be used to track a whole host of information about processes, and problems that have previously been difficult to troubleshoot. I admit it, I'm a command line junkie, but what if there was a more fun way to do it? A new tool that sits on top of Dtrace has been introduced, Instruments. It is supposed to be "GarageBand" for developers. Sounds strange doesn't it? Let's take a quick look. Launch Instruments from the Developer Tools. Figure 1 is how the window appears:

Figure 1

Wow, cool! It's even easier to track a couple of pieces of information that traditionally have been hard to track as a sysadmin. For a quick hit, select File Activity. Figure 2 shows how the left side of the panel appears:

Note how some nice defaults have been added. All of these attributes might be pieces of information that are important when trying to track down how an application is misbehaving. Figure 3 is a quick example of what the output might look like:

Figure 2

Each individual piece of information can be examined, and it can be tracked over time. That's only the beginning! The complete library of information that can be tracked is quite large. CPU Activity, Network Activity, a huge number of things can be tracked, and not one bit of programming has to be learned. It really simplifies the tracking of problems and is really up to your imagination. No more using fs_usage to track problems, hoorah! One last thing: the information can be saved, and sent to the Developer or shared with other system administrators.

Figure 3

Package construction has changed significantly in Leopard. It can now watch the file system and create "snapshots". Launch Packagemaker, select the Project menu, and then choose Add Snapshot Package. It will watch the file system and monitor all changes. Click the Start button, and the process starts. Click Stop and the process then stops. After that click Next to proceed to the screen where cruft can be eliminated. Figure 4 is an example of how it might appear:

Figure 4

Taking a look at this, it is easy to eliminate certain files right off the bat. Uncheck them if they are not to be included. Some are relatively easy, such as .DS_Store files, or files in /private/var. That's the first step! Next, Save the snapshot.

Figure 5

Figure 5 shows how the snapshot appears. From there, the new Packagemaker allows for all the permissions to be altered to whatever is desired. The snapshot of information can be customized, including look and feel. The package build process is also much more informative, as it now can highlight the problem found when building a package for distribution. The interface is highlighted, showing where the error should be fixed.

Even more has been added, an Automator-like interface has been added to pre and postinstall actions. They included loading kernel extensions, getting applications or a few other items. Requirements can even be specified so that an application can be installed only on a system that meets the requirements. Note that even snapshot packages can have these requirements applied.

These are two of the big tools that have been added to Leopard that will make a system administrator's life easier. Packagemaker can be used to repackage applications that are not in the Apple package format. Once installed, Instruments and dtruss can help the system administrator troubleshoot applications. These tools also aid the system administrator in providing feedback to the Developer of the application so it can be properly rewritten.

Now that you've read about the tools, start playing with them. I've already found them immensely useful, and made my life easier. See you at MacWorld!

Philip Rinehart is co-chair of the steering committee leading the Mac OS X Enterprise Project (macenterprise.org) and is the Lead Mac Analyst at Yale University. He has been using Macintosh Computers since the days of the Macintosh SE, and Mac OS X since its Developer Preview Release. Before coming to Yale, he worked as a Unix system administrator for a dot-com company. He can be reached at: philip.rinehart@yale.edu. The MacEnterprise project is a community of IT professionals sharing information and solutions to support Macs in an enterprise. We collaborate on the deployment, management, and integration of Mac OS X client and server computers into multi-platform computing environments.